This notice explains why and when we collect personal information (data) about you: how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Our customers should read this notice alongside our general terms and conditions of appointment which provide further information on confidentiality, data privacy etc.
This notice does not apply to any websites that may be linked to our web site.
Lakehouse Risk Services Limited, a managing general agency, issuing policies of After the Event insurance to protect its customers from the adverse costs of litigation, necessarily collects data from its customers. This data is collected, processed and stored by us and we are therefore the data controller of the personal information that you provide to us.
Lakehouse Risk Services Limited is authorised and regulated by the Prudential Regulation Authority under number 772673. .
Our Data Protection Officer is Michael Lent who can be contacted by email – email@example.com
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about we would use your data, please email firstname.lastname@example.org.
The information we will request from you will depend on the different types of litigation that you have asked us to insure or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us:
Usually, personal data will be restricted to the basic information necessary to complete our instructions and identity checks. However, some of the work we do, particularly personal injury claims and claims for breach of privacy, will require us to ask for more sensitive information but only insofar as it is required to enable us to assess the risks associated with litigation which you are pursuing.
Information about you may be obtained from a number of sources including:
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Lakehouse Risk Services Limited. However there may be circumstances where we may need to disclose some information to third parties, for example,
HM Land Registry, to register a property
HM Revenue & Customs, e.g. payment of Stamp Duty
Court or Tribunal
Instructing an independent barrister/solicitor to advise us and/or provide us with an independent view of the merits of the case you wish us to insure
Instructing non-legal experts to provide opinions
External regulators e.g. Prudential Regulation Authority
Bank or Building Society
Providers of identity verification
Any disclosure required by law or regulation such as the prevention of financial crime or terrorism
If your information is shared with third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use the information for their own purposes unless you have explicitly consented to them doing so.
There may be some occasions where personal data that may require your specific consent. If this is the case we will contact you separately and obtain your consent which you are free not to provide.
Your information is valuable and we take all reasonable measures to protect while it is in our care.
We use technology and operational security to protect personal information from loss, misuse, alteration or destruction. A high threshold is adopted when it comes to confidentiality obligations. Our technology providers have agreed to protect confidentiality of personal information and to comply with the obligations of the GDPR.
We enforce, where possible, physical access controls to our offices and files to keep data safe.
Personal information will be retained only for as long necessary to fulfil the purposes for which the information was collected or as required by law or as long as is set out in any relevant contract with you. For example –
As long as necessary to carry out your instructions,
For a minimum of 7 years from the conclusion or closure of your policy in case you or we need to re-examine the policy for the purpose of defending complaints against us,
Under GDPR you are entitled to access your personal data otherwise known as a right to access. If you wish to make such a request, please do so in writing to our Data Protection Officer, Michael Lent, at email@example.com or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc., but it does not mean that you are entitled to the documents that contain this data.
Under certain circumstances, in addition to the entitlement to access your data, you have the following rights:
The personal data is no longer necessary for the purpose for which it was originally collected
Where your consent is withdrawn
Where you object to the processing and there is no overriding legitimate interest for continuing processing
The personal data was unlawfully processed
Where you object to the processing for direct marketing purposes
This right applies where the information is used for direct marketing purposes.
If you have an objection relating to your particular situation we have to stop processing your personal data unless we can demonstrate compelling reasons which override your interests, rights and freedoms. However your objection will not be upheld if we are processing the information for the establishment or exercise of the defence of legal claims.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection officer who will investigate further. Our Data Protection Officer is Michael Lent and you can contact him at firstname.lastname@example.org.
If you are not satisfied with our response or believe we are not processing your data in accordance with the law, you can complain to the Information Commissioner’s Office.
We will never send marketing communications via SMS or call you without your specific consent: nor do we ever pass on or sell your details to a third party.
The following are examples of how we collect your personal data,
If we collect your personal data, you will be provided with the opportunity to decide whether or not to receive marketing communications from us.
You have the right to object to this processing. Should you wish to do so please email email@example.com.
We will only ever use non-sensitive personal information to target individuals with marketing materials. Sensitive information or specific details will never be used to target marketing communications.
Any questions regarding this notice and our privacy practices should be sent by email to firstname.lastname@example.org.
Lakehouse Risk Services Limited is a limited company registered in England and Wales, registered number 10052270 and regulated by the Prudential Regulation Authority number 772673 .